AGJSR 31 (Special Issue) 2013: 314-324 Dezhen Yang et al

Design-in of Reliability through Axiomatic

Dezhen Yang; Yi Ren; Zili Wang and Linlin Liu School of Reliability and Systems , Beihang University, Beijing, China

ABSTRACT Sp. Issue 2013/ # Paper 2 To completely meet the requirements of reliability design in the Corresponding author: product designing, an axiom-based Design-in Reliability approach Yi Ren is proposed. In light of the axiomatic design principles, products are Mailing address: No. 37, Xueyuan Road, Haidian District, Beijing, designed preliminarily to establish their functional requirements. 100191, P. R. China According to these, functions preserving requirements are augmented, E-mail: [email protected] which constitute a Functional Requirement Preserving domain included Tel: +86-10-82313173 in functional domain, and derives the parameterized solution for Fax: +86-10-82317663 reliability design systematically. Subsequently, the design parameters are augmented and optimized to achieve the functions preserving requirements. Mapping model of the augmented functional domain and the physical domain is established. And a solutions evaluation approach KEYWORDS based on Independence Axiom is proposed. Ultimately, via identifying the potential failure modes from the perspective of the disappearance Keywords-Reliability; or reduction of functions preserving capability, a control process is Independence axiom; Axiomatic design; Failure modes mitigation; elaborated to mitigate the failure modes on the basis of independence Functional requirement preserving axiom and logic decision in order for the reliability requirements to be domain; Temperature sensor implemented. Being exemplified by the design of a temperature sensor, the present study demonstrates that all approaches are feasible, efficient, and could be applied in real engineering scenarios.

Introduction (Diyar, et al., 2011). Currently, reliability test is the main method for evaluation, but it could be carried As an optimum approach for product design, out until the prototypes are manufactured, which reliability design is to minimize the products’ is time-consuming and is prone to redesigning flaws (Huang and Zhang, 2009; Wanget al., 2010; (Yao, et al., 2012). Although a new approach Xiao et al., 2012). Its core idea is to progressively through simulation has been proposed recently, it understand the loads and stresses of each component, is not applicable to system- products for its gradually recognize the failure modes and complexity. All the deficiencies in those methods mechanism, actively eliminate the exposed failure restrain the application and development of modes or reduce the occurrence probabilities, and reliability technology in engineering practices narrow the uncertainties and satisfy the reliability (Gong , et al., 2012; Li, et al., 2011). requirements (GEIA-STD-0009, 2009). The Orienting to product development processes, traditional technology of reliability design, being professor Nam Pyo Suh developed Axiomatic more dependent on “experience”, often make it Design (AD) principles (Pyo, 1990), which laid difficult for the results to be evaluated directly a scientific foundation for , especially in as they are relatively implicit (Michael , 2009; the design processes of large system design (Suh, Yan, et al., 2011; Zhao, et al., 2012). Thus, it is 1995; Suh, 2001), (Suh, et al., difficult or even impossible to compensate for or 2000; Suh, 2001), manufacturing system design evade the shortcomings of a poor design concept (Suh, 2001; Kulak, et al., 2005), human–machine developed in the early stages of the design process

314 AGJSR 31 (Special Issue) 2013: 314-324 Dezhen Yang et al systems (Helander, 2007), materials and materials- expressed as processing (Nakao, et al., 2007; Kulak, et al., 2010), product design (Kulak, et al., 2010; Tang, et al., 2007), decision making (Kulak , et al., 2010; Celik, (1) et al., 2009), safety-critical system (Ahmed , et al., 2007), and supply chain management (Kulak , et where is the second level al., 2010; Schnetzler, et al., 2007). These principles functional requirement vector; [A]n×d is the design are widely used to solve various design problems matrix that characterizes the design. Each entry aij and provide better design solutions in the shortest of [A]n×d relates the ith FR to the jth DP, denoted term as they offer a systematic research process in by aij=∂FRi/∂DPj. n does not have to be equal to a design space which becomes complicated with d, namely during the decomposition process, the customer needs. Also, the fact that they can be design matrix developed may not be square; and generalized to different design areas renders them is the second level design even more effective and powerful. parameter vector. However, how to apply the principles to achieve the object of “Design-in of reliability” still (2) Design Axioms needs further studies. The present research thus There are two design laws in the form of axioms: the proposes an approach in which engineers could Independence Axiom and the Information Axiom. determine explicit reliability requirements of the (A) The Independence Axiom states that the products simultaneously with the applications independence of functional requirements of AD principles for product design, analyze (FRs) must always be maintained, where FRs failures that cause difficulties for the realization are defined as the minimum set of independent of reliability thoroughly, and take measures to requirements that characterize the design mitigate them. goals (Kulak and Kahraman, 2010). In order to satisfy the Independence Axiom, [A]n×d Product Design through Axiomatic Design matrix should have an uncoupled or decoupled Principles design, namely the [A]n×d matrix should be square and must be diagonal or triangular. (1) Design Decomposition (B) The Information Axiom states that, among the A design description usually consists of multiple design solutions that satisfy the independence abstraction levels with the higher levels being more axiom, the best solution is the one that has abstract and the lower levels more detailed. At the lowest information content. The paper each level, there is a set of functional requirements conforms to the Independence Axiom only. (FRs). To decompose this set of FRs, the (3) A Case Study of Temperature Sensor needs to identify the set of design parameters (DPs) The main functional requirements of a temperature at this level. Such decomposition process, which sensor (TS) are to monitor the temperature of its alternates between design domains, is referred to installation environment in real-time (Anderson, as the ’zigzagging process’ (see figure 1). In this 2012). The aim is to prevent accidents caused by process, the lower-level FRs are consistent with over rising temperatures. Therefore, two lower- the DPs chosen and its parent FR (Suh, 2001). level functional requirements could be determined: The mapping between all the upper-level FRs and sensing the temperature (-55~125) of its installation DPs has to be realized before these FRs and DPs environment in real-time and outputting the can be decomposed to the lower-level FRs and temperature information (stimulating and DPs. This progressive process could be optimized transmitting the electrical signals of temperature). hierarchically. Each one should be mapped to one design In figure 1, the mapping between all the parameter at least. We choose a thermistor which same-level FRs and DPs can be mathematically could sense the environmental temperature using

315 AGJSR 31 (Special Issue) 2013: 314-324 Dezhen Yang et al the functions of resistance and temperature, and an The decomposition in axiomatic design electrical circuit as its stimulating and transmitting principles is an ideal process. In practice, there unit. figure 2 shows the first-level decomposition are several reasons why a system may be coupled, of FRs and DPs for TS. for example, implicit FRs and customer needs, The relationship between FRs and DPs for TS complexity of system components, system is mathematically expressed as constraints (Helander, et al., 2007). The AD principles did not give an approach to achieve the functional requirements sufficiently. Although the ((2) functional requirements are validated independent

where FRR1 is sense the temperature; FRR2 through the independence axiom, it is still not a denotes stimulate and transmit the electrical signals good solution because of its insufficiency. As the of temperature; DP1 is thermistor; DP2 denotes previous example exhibits, the solution merely electrical circuit for stimulating and transmitting satisfies the fundamental requirements: measuring the signals. the temperature. It does not take stability and accuracy into account.

Figure 1: Zigzagging to Decompose FRs and DPs

Figure 2: Zigzagging Diagram for TS

316 AGJSR 31 (Special Issue) 2013: 314-324 Dezhen Yang et al

Augmentation Process of Functional Do- between resistance and temperature should be main Considering Reliability Requirements eliminated. Therefore, two requirements have to be realized: In the axiomatic design principles, functional (a) Correcting the nonlinear errors between domain is a unified concept. To embody the resistance and temperature reliability requirements systematically, the (b) Preventing the changes of thermistor’s physical functional requirements should be subdivided into characteristics functions realization requirements and functions (2) Aiming at preserving the signals’ stability, the preserving requirements. Then the functional effects caused by slight wave propagation domain should be further divided into Functional of thermal field and external interference Requirement Realization domain (FRRD) and signals should be avoided. Therefore, two Functional Requirement Preserving domain requirements have to be realized: (FRPD) accordingly. (a) Preventing slight wave propagation of thermal (I) Functional Requirement Realization domain field (FRRD). The functions which embody the (b) Shielding external interference signals conventional requirements only, and are From the above, the augmented decomposition designed to satisfy the demands for customers. of functional domain would be established, which (II) Functional Requirement Preserving domain is shown in figure 4. (FRPD). The requirements are used to preserve For each function preserving requirement, all the functions in functional domain under engineers should also determine the design the effects of all uncertain factors (the paper parameters. Combined with zigzagging takes functions preserving requirements of decomposition of FRs and DPs, the relationship the product into consideration only, excluding between functions preserving requirements and the functions preserving ability provided by design parameters could be established, shown external systems). in figure 5. In this process, the design parameters A function realization requirement may be would be augmented or optimized correspondingly mapping to one or more functions preserving for the achievement of functional preserving requirements. Similarly, a function preserving requirements, namely, the relationship exists: requirement could be preserving one or . more functions realization requirements. The Being combined with Equation (1), the decomposition is shown in Figure 3. relationship between the FRs and DPs are We need to augment some functional mathematically expressed as requirements for the temperature sensor. It is to make sure that the sensor could sense the environmental temperature accurately, and transmit electrical signals of the temperature precisely. The augmented requirements are as follows. (3) (I) Preserving the stability of thermistor’s temperature characteristics (II) Preserving the stability of the electrical signals. According to the installation environment, the augmented requirements could be further where is the design matrix augmented from decomposed. [A]n×d; is the second (I) Aiming at preserving the stability of thermistor’s level functional requirement realization vector; temperature characteristics, the physical is the second level characteristics of thermistor should not be functional requirement preserving vector; and changed firstly. Secondly, the nonlinear effects is the preservation matrix that characterizes

317 AGJSR 31 (Special Issue) 2013: 314-324 Dezhen Yang et al the relationship between functional requirement requirement is not satisfied, and then determine the preserving domain and physical domain. design parameters to prevent it. Theoretically, the Functions preserving requirements are characteristic is known as failure or failure modes also functional requirements. According to the (failure mode is the manner by which a failure independence axiom, if the augmented matrix is observed, such as no-output, output error. It is generally described as the way the failure occurs is diagonal or triangular, then the design is and its impact on product operation.). Engineers uncoupled or decoupled. However, to determine should consider functions preserving requirements design parameters for functions preserving and their implementations as early as possible. In so requirements directly is a problem. doing, engineers would take initiation to eliminate The paper presents an approach to solve it the failure modes or reduce the occurrence from the perspective of failure. Engineers could probabilities to prevent the disappearance or analyze the functional characteristic and its causes reduction of function preserving ability, and thus on the assumption that a function preserving achieve satisfying products with less iteration.

Figure 3: New Decomposition of FRs

Figure 4: The Augmentation of TS’s Functional Domain

318 AGJSR 31 (Special Issue) 2013: 314-324 Dezhen Yang et al

Figure 5: Corresponding Decomposition of FRs and DPs

Determination of Reliability Design Parameters Through failure modes mitigation Figure 6: The Closed-loop Process of FM2 (1) Failure Modes Mitigation Although the concept “mitigation” is explored Combined with the closed-loop process of numerously in engineering, its definition is still not FM2 and the independence axiom, engineers clarified. Since failure modes mitigation aims to could identify the failure modes leading to the improve the reliability, the definition is proposed disappearance or reduction of function preserving firstly based on the notions of reliability growth in ability in function preserving domain through standards, the core idea of failure modes mitigation failure modes and effects analysis (FMEA), and in GEIA-STD-0009 and the comprehension in then mitigated them, especially the ones with high engineering practices. severity or occurrence probability. The functional Definition 1: Failure modes mitigation should FM2 process based on independence axiom and be a hybrid process, in which the improving logic decision is shown in figure 7. measures, operational compensatory provisions, (A) Identify the failure modes leading to the diagnosis means are employed to eliminate the disappearance or reduction of function preserving failure modes or reduce the occurrence probabilities ability in function preserving domain through according to the causes and severity of failure FMEA: FMEA is a procedure by which each modes. It is denoted by FM2. potential failure mode in a system is analyzed FM2 process is a closed-loop one, shown to determine the results or effects exerted on the in Figure 6 (GEIA-STD-0009, 2009). It begins system, and to classify each potential failure mode with the analysis of failure modes introduced according to its severity. In application, engineers in the early stage of design, maybe after the first could refer to worksheet shown in the example decomposition of FRs and DPs, and does not end formats in table 1. certainly, it can be tailored. until the procedures of mitigating the failure modes have been validated to be efficient.

319 AGJSR 31 (Special Issue) 2013: 314-324 Dezhen Yang et al

Figure 7: The Functional FM2 Process Based on Independence Axiom and Logic Decision

Table I: Example of FMEA worksheet format failure effects function preserving failure failure severity occurrence no. local next higher end requirement mode cause class probability effects effects effects (I) (II) (III) (IV) (IV) (IV) (V) (VI) Table II: The FMEA worksheet of temperature sensor function preserving no. failure mode failure cause failure effect requirement the nonlinear errors between FM11:be higher than the result is higher than resistance and temperature correcting the nonlinear actual temperature the real situation is uncorrected 1 errors between resistance the nonlinear errors between and temperature FM12:be lower than the result is lower than resistance and temperature actual temperature the real situation is uncorrected FM21:non-output thermistor is damaged TS is damaged signals because of collision remainders affect the preventing the changes FM22:be higher than the result is higher than thermistor, and change its 2 of thermistor’s physical actual temperature the real situation physical characteristics. characteristics remainders affect the FM23:be lower than the result is lower than thermistor, and change its actual temperature the real situation physical characteristics. FM31:be higher than there are some deviations the result is higher than preventing slight wave actual temperature for interference. the real situation 3 propagation of thermal FM32:be lower than there are some deviations the result is lower than field actual temperature for interference. the real situation FM41:be higher than there are some deviations the result is higher than shielding external actual temperature for interference. the real situation 4 interference signals FM42:be lower than there are some deviations the result is lower than actual temperature for interference. the real situation

320 AGJSR 31 (Special Issue) 2013: 314-324 Dezhen Yang et al

Figure 8: An Decomposition Example of FRs and DPs—TS (I) Function preserving requirement. Engineers I (Catastrophic), II (Critical), III (Marginal) should analyze the function preserving and IV (Minor). requirement item by item. (VI) Occurrence probability. The possibility a (II) Failure mode. The failure modes lead to failure mode occurs in the operational process. the disappearance or reduction of function After the analysis, engineers could mitigate the preserving ability in function preserving failure modes according to severity class and domain. One function preserving requirement occurrence probability. may correspond to more than one failure modes. (B) Whether the composition of FRs is completed? (III) Failure cause. The physical or chemical If the answer is “Yes”, the second question processes, design defects, quality defects, part is followed up as “whether the failure mode misapplication, or other processes which are is coupled with other failure modes?”; if the the basic reason for failure or which initiate answer is “No”, then perfect the decomposition the physical process by which deterioration of FRs, feedback it to the first phase and readjust proceeds to failure. One failure mode may the decomposition. correspond to more than one failure causes. (C) Whether the failure mode is coupled with other (IV) Failure effects. The consequence(s) a failure failure modes? mode has on the function. Failure effects are If the answer is “Yes”, then determine the classified as local effect, next higher effect, and coupled failure modes set, and continue to end effect. Local effect is the consequence(s) a answer the third question “whether there are failure mode has on the function of the specific measures for design parameters to eliminate function preserving requirement analyzed. the failure modes?”; if the answer is “No”, Next higher effect is the consequence(s) a continue to answer the third question directly. failure mode has on the function of the items (D) Whether there are measures for design in the next higher indenture level above the parameters to eliminate the failure modes? indenture level under consideration. End effect If the answer is “Yes”, then implement the is the consequence(s) a failure mode has on the measures for design parameters, feedback it to function of the highest indenture level. the first phase and readjust the decomposition; (V) Severity class. Severity classifications are if the answer is “No”, continue to answer the assigned to provide a qualitative measure of the forth question “whether there are improvements worst potential consequences resulting from a for design parameters to reduce the occurrence failure mode. It is divided into four categories: probabilities of the failure modes?”

321 AGJSR 31 (Special Issue) 2013: 314-324 Dezhen Yang et al

(E) Whether there are improvements for collision deformation. However, the ability to design parameters to reduce the occurrence sense temperature outside in real-time should probabilities of the failure modes? be ensured, and the self-heating effects be If the answer is “Yes”, then implement the avoided. Therefore, stainless steel is adopted measures for design parameters, feedback it to as the materiel of housing. the first phase and readjust the decomposition; (III) FM31 and FM32. A filter capacitor is if the answer is “No”, and if the effects of the augmented to filter noise waves. failure modes are severe, the program needs to (IV) FM41 and FM42. A shield is adopted to be altered. prevent external interference signals. (F) If the failure modes have been mitigated, then From the above, the decomposition of answer the question: whether the decomposition temperature sensor is shown in Figure 8. The is satisfying the independence axiom? mathematical express is as follows: If the answer is “Yes”, continue to answer the sixth question; if the answer is “No”, feedback it to the first phase and readjust the (4) decomposition. (G) Whether the number of failure modes with high severity or occurrence probability can be where FRR1 = sense the temperature; FRR2 = limited to an acceptable scope? stimulate and transmit the electrical signals of If the answer is “Yes”, output; if the answer temperature; FR = shield external interference is “No”, feedback it to the second phase and P1 signals; FRP2 = prevent the changes of thermistor’s continue to mitigate the failure modes. physical characteristics; FR = prevent slight In fact, it is necessary to make sure the P3 wave propagation of thermal field; FRP4 = correct measures taken to eliminate the failure modes or the nonlinear errors between resistance and reduce the occurrence probabilities are efficient temperature; DP1 = thermistor; DP2 = electrical through reliability tests etc. However, in early circuit for stimulating and transmitting the signals. stages of the development, designers do not get DP = stainless steel housing; DP = seal; DP = the physical entities. They could not conduct the 3 4 5 linear circuit; DP6 = filter capacitor; tests. For the time being, designers could verify From Equation (4), we can conclude that the the efficiency preliminarily combined with the requirements of temperature sensor are independent independence axiom. according to the independence axiom. And the (2) Failure Modes Mitigation for Temperature failure modes analyzed have been eliminated Sensor while the improvements have been implemented. The FMEA worksheet of temperature sensor is Certainly, the augmented design parameters will shown in Table 2 without considering severity also have impacts on the design. It could be further class and occurrence probability of failure modes. analyzed in the lower-level with Hypothesize all the failure modes analyzed should the approach the paper proposed. be mitigated. Combined with the failure modes mitigation Conclusions process shown in Figure 7, we determine We can draw the conclusions as follows: improvement measures for each failure modes. (1) Aiming at solving the problem about designing- (I) FM11 and FM12. A linear circuit is adopted in of reliability requirements to products to correct the nonlinear errors between systematically, the paper presents an approach thermistor’s temperature and resistance. to design reliability requirements explicitly (II) FM21, FM22 and FM23. Housing and seal during the design process through axiomatic are adopted to prevent the remainders. design. Then the reliability solution could be The housing could also be used to prevent determined. 322 AGJSR 31 (Special Issue) 2013: 314-324 Dezhen Yang et al

(2) The application efficiency of axiomatic design References principles is quite dependent on the sufficiency of functional requirements analysis. However, Ahmed R; Koo JM; Jeong YH; and Heo G the AD principles did not give an approach to (2011) Design of Safety-Critical Systems achieve all functional requirements. Aiming using the Complementarities of Success and at solving the problem, a new concept is Failure Domains with a Case Study. Reliability proposed: functional requirements preserving Engineering System Safety, 96 (1): 201-209. domain. From the perspective of preserving the Celik M; Cebi S; Kahraman C; and Deha Er functions realization requirements, engineers I (2009) Application of Axiomatic Design could specify the implicit requirements, and TOPSIS Methodologies under Fuzzy and then augment and perfect the functional Environment for Proposing Competitive domain. Strategies on Turkish Container Ports in (3) With the view of disappearance and reduction Maritime Transportation Network. Expert of function preserving ability, the paper offers Systems with Applications, 36(3): 4541-4557. a new approach to identify failure modes. It Diyar A; Osman K; and Brian H (2011) assures that the failure modes and failure Evaluation using Interval causes identified are complete. Taking the Type-2 Fuzzy Information Axiom. Computers closed-loop process of FM2 as the main line, in Industry, 62 (2): 138-146. we establish a control process of failure modes GEIA-STD-0009 (2009) Reliability Program mitigation based on the independence axiom Standard for : Development, and logic decision. and Manufacturing, (In Press). (4) All the approaches proposed in the paper are Gong Q; Zhang JG; Tan CL; and Wang demonstrated feasible and efficient through a CC (2012) Neural Networks Combined case study: the design of a temperature sensor. with Importance Sampling Techniques for However, there still remain some other Reliability Evaluation of Explosive Initiating problems which need to be studied further in Device. Chinese Journal of Aeronautics, 25 the future. (2): 208-215. (5) If there is more than one solution satisfying Greg, WA (2012) Development and Testing of the independence axiom, then engineers A Multiplexed Temperature Sensor. Umi should evaluate them through the information Dessertation Publishing, (from Proquest). axiom. The Augmented functions preserving Huang HZ; and Zhang X (2009) Design requirements are mainly qualitative, so the Optimization with Discrete and Continuous quantity evaluation approach needs further Variables of Aleatory and Epistemic work. Uncertainties. Journal of Mechanical (6) The application of the approaches proposed Design, 131 (3): 031006-1-031006-8. above in the decomposition of physical domain Helander MG (2007) Using Design Equations and process domain also needs further studies. to Identify Sources of Complexity in Human Besides, we can see that more than one Machine Interaction. Theoretical Issues in failure mode have been mitigated through Ergonomics Science, 8 (2): 123-146. the same improvement from the case, which Kulak O; and Kahraman C (2005) Multi-attribute shows that there are interconnections among Comparison of Advanced Manufacturing failure modes. Although it is mentioned in the Systems using Fuzzy vs. Crisp Axiomatic mitigation process, we did not present those Design Approach. International Journal of details due to the limitation. Production Economics, 95 (3): 415-424. Kulak O; Cebi, S; and Kahraman C (2010) Applications of Axiomatic Design Principles: A Literature Review. Expert Systems with

323 AGJSR 31 (Special Issue) 2013: 314-324 Dezhen Yang et al

Applications: An International Journal, 37 (9): of Aircraft Structure. Chinese Journal of 6705-6717. Aeronautics, 24 (2): 164-170. Li JH; Mosleh A; and Kang R (2011) Likelihood Yao J; Xu MG; and Zhong WQ (2012) Research Ratio Gradient Estimation for Dynamic of Step-down Stress Accelerated Degradation Reliability Application. Data Assessment Method of a Certain Type of System Safety, 96 (12): 1667-1679. Missile Tank. Chinese Journal of aeronautics, Nakao M; Kobayashi N; Hamada K; Totsuka T; 25 (6): 917-924. and Yamada S(2007) Decoupling Executions Zhao CX; Chen Y; Wang HL; and Xiong in Navigating Manufacturing Processes for HG (2012) Reliability Analysis of Aircraft Shortening Lead Time and its Implementation Condition Monitoring Network using an to An Unmanned Machine Shop. CIRP Annals Enhanced BDD Algorithm. Chinese Journal of Manufacturing Technology, 56 (1): 171-174. aeronautics, 25 (6): 925-930. Pecht M (2009) Product Reliability: Maintainability, and Supportability Handbook. 2nd ed. Taylor & Francis Group, LLC, New York, USA. Schnetzler MJ; Sennheiser A; and Schonsleben P (2007) A Decomposition Based Approach for the Development of A Supply Chain Strategy. International Journal of Production Economics, 105 (1): 21-42. Suh NP (2001) Axiomatic Design: Advances and Applications. Oxford University Press, New York, USA. Suh NP (1995) Design and Operation of Large Systems. Journal of Manufacturing Systems, 14 (3): 203-213. Suh NP (1990) The Principles of Design. Oxford University Press, New York, USA. Suh NP; Sung HD (2000) Axiomatic Design of Software Systems. CIPR Annuals Manufacturing Technology, 49 (1): 95-100. Tang DB; Zhang HJ; and Dai S (2007) Design as Integration of Axiomatic Design and Design Structure Matrix. Robotics and Computer Integrated Manufacturing, 25 (3): 610-619. Wang Z; Huang HZ; and Liu Y (2010) A unified Framework for Integrated Optimization under Uncertainty. Journal of Mechnical Design, 132 (5): 051008-1-051008-8. Xiao NC; Huang HZ; Wang Z; Liu Y; and Zhang X (2012) Unified Uncertainty Analysis by the Mean Value First Order Saddle Point Approximation. Struct Multidiscipline Obtimization, 46 (6): 803-812. Yan, CL; and Liu KG (2011). Theory of Economic Life Prediction and Reliability Assessment

324